So, I believe the best solution here would be to add options to DNS
addresses, similar to what we do with IP addresses. Something like this:

nameservers:
  addresses:
    - 1.2.3.4:
        sni: domain
        port: 1234
        interface: eth123
    - 1.1.1.1

With this we'd fully support both Network Manager and networkd backends.

Right now NM seems to support only the SNI parameter (1.2.3.4#domain)
but networkd supports more:

"111.222.333.444:9953%ifname#example.com" for IPv4 and
"[1111:2222::3333]:9953%ifname#example.com" for IPv6.

Alternatively, to keep things simpler, we could just accept the string
1.2.3.4#domain (and possibly the full notation used by networkd too).

What do you think, Lukas?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2055148

Title:
  NetworkManager connections with an explicit DoT (DNS over TLS) are not
  supported with Netplan

Status in netplan:
  New
Status in netplan.io package in Ubuntu:
  Confirmed
Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  From: https://discourse.ubuntu.com/t/blog-netplan-developer-diaries/35932/11

  Hi all,

  NetworkManager connections with an explicit DoT (DNS over TLS)
  configuration are not supported with Netplan, but NetworkManager does
  feed back the DoT DNS info with server address and Server Name
  Indication (SNI) in the form server_address#SNI, e.g.
  1.2.3.4#dns.myhome.com as nameserver addresses to Netplan. As a
  result, subsequent Netplan config applications fail because DNS
  servers don’t have the expected dotted decimal (IPv4) or colon’ed hex
  (IPv6) form.

  ```
  nmcli> describe ipv4.dns

  === [dns] ===
  [NM property description]
  Array of IP addresses of DNS servers. For DoT (DNS over TLS), the SNI server
  name can be specified by appending "#example.com" to the IP address of the DNS
  server. This currently only has effect when using systemd-resolved.
  ```
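
The string notation discussed in this thread (address, then optional `:port`, `%ifname` and `#sni`), as an added example that is not part of the original report and is not Netplan's code: a strict parser that splits one nameserver string into the fields of the proposed mapping and rejects anything that is not an IP literal with a well-formed port, interface name and SNI host name. The function name `parse_dns_server`, the 15-character interface-name limit and the sample addresses from the documentation ranges are assumptions made for the illustration.

```python
import ipaddress
import re

# Host name check for the SNI part: labels of 1-63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def parse_dns_server(spec: str) -> dict:
    """Split 'addr[:port][%ifname][#sni]' into validated fields (hypothetical helper)."""
    rest, has_sni, sni = spec.partition("#")
    rest, has_if, iface = rest.partition("%")
    port = None
    if rest.startswith("["):                  # "[v6]" or "[v6]:port"
        host, closed, tail = rest[1:].partition("]")
        if not closed or (tail and not tail.startswith(":")):
            raise ValueError(f"malformed bracketed address: {spec!r}")
        port = tail[1:] if tail else None
        if ipaddress.ip_address(host).version != 6:
            raise ValueError(f"brackets are only valid around IPv6: {spec!r}")
    elif rest.count(":") == 1:                # "v4:port"
        host, _, port = rest.partition(":")
    else:                                     # bare IPv4 or bare IPv6
        host = rest
    addr = ipaddress.ip_address(host)         # ValueError unless an IP literal
    out = {"address": str(addr)}
    if port is not None:
        if not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad port in {spec!r}")
        out["port"] = int(port)
    if has_if:
        # Assumption: Linux interface names are at most 15 characters.
        if not 0 < len(iface) < 16 or "/" in iface or any(c.isspace() for c in iface):
            raise ValueError(f"bad interface name in {spec!r}")
        out["interface"] = iface
    if has_sni:
        if len(sni) > 253 or not _HOSTNAME.fullmatch(sni):
            raise ValueError(f"bad SNI host name in {spec!r}")
        out["sni"] = sni
    return out


if __name__ == "__main__":
    # Constructed sample inputs; the first is the form quoted in the bug description.
    for s in ("1.2.3.4#dns.myhome.com", "192.0.2.53:9953%eth0#example.com",
              "[2001:db8::53]:9953%eth0#example.com", "1.1.1.1"):
        print(s, "->", parse_dns_server(s))
```
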
